fix(web): json_encode for REQUEST_URI enter in /reset-password

Ref: https://huntr.dev/bounties/75bd6901-5760-412d-96fc-b664e4644fea/
2025-03-30 04:17:02 +00:00 · 2021-09-09 21:38:08 +08:00 · 2021-09-09 21:38:08 +08:00 · e357d1cb91
commit e357d1cb91
parent ebf541ab91
1 changed files with 1 additions and 1 deletions
--- a/web/app/controllers/reset_pw.php
+++ b/web/app/controllers/reset_pw.php
@ -63,7 +63,7 @@ $(document).ready(function() {
 		if (!validateResetPwPost()) {
 			return false;
 		}
-		$.post('<?=$_SERVER['REQUEST_URI']?>', {
+		$.post(json_encode(<?=$_SERVER['REQUEST_URI']?>), {
 			reset : '',
 			newPW : md5($('#input-password').val(), "<?= getPasswordClientSalt() ?>")
 		}, function(res) {